So the email goes, “If you try to screw me, I will post your info – your home address, your mug shots on the dark web offering a reward for the first person to reach you…”
Enough people are getting threats sent to their inbox with personal information that the FBI has established a website to report such cases.
The recipient of the following threat was a businessman with several web domains.
“If you try to screw me, I will post your info – your home address, your mug shots on the dark web offering a reward for the first person to reach you,” the email threatened. It arrived in December, along with a ransom demand.
“I will notify members of MS13, negros [sic], the Aryans, or whoever is out there providing special services,” it continued. “There will be an open season and it will get ugly one way or another. God bless America, this country has so many nut jobs ready to do anything for some extra cash.”
The man on the receiving end thought it was spam and ignored it. Four days later, the sender looped in the man’s wife. Seven days after that, his daughter was added to the email chain, which now included more specific threats.
“She lives in LA, right?” the emailer tried again. “Now think, how ignoring me will help from encounter with some Salvadorian animal. Or a white trash. You still don’t take my words seriously, thinking I’m bluffing? Looks like you are a gambler and willing to gamble, otherwise I can’t explain why you’re willing to risk your relatives.”
Contributing to these email threats are the rise of cryptocurrencies like Bitcoin and the massive amount of personal information on Facebook and Linkedin.
In late December, the FBI started asking victims to report these type of emails through its internet crime website, citing a “recent increase in people reporting e-mail threats.”
“This is just beginning and it’s getting much more complex,” said Jeff Moulton, who runs Louisiana State University’s Transformational Technology and Cyber Research Center.
Unfortunately, the FBI is unable to follow-up on each and every email threat. But in this case, Moulton’s team was able to track the email through a Swiss server to China. They have doubts that the emailer is from China, as he or she may simply be using China’s systems for cover. After that, the trail goes cold.
Moulton believes the rise in cryptocurrencies goes hand in hand with the rise of these email threats. “It’s very hard for someone to get a sack of cash, it’s a whole lot easier in the digital world to make that transaction occur, it’s just a click,” Moulton said
“Social media is certainly a big part of this,” said Johannes Ullrich, dean of research at the SANS Technology Institute. “Facebook and LinkedIn is being harvested. It’s easy and it’s effective, that’s the combination that they’re abusing here.”
“It’s Russian Roulette—you don’t know when that one bullet is going to be real,” Moulton said.
Moulton says most of the time the sender is after money but that could also change. He’s seen threats focused on getting access to domain names or other digital things of value, and is concerned that it might become a tool for broader blackmail in the future.